SynXis Booking Engine - Single Sign On

Introduction

SynXis supports the single sign-on (SSO) of a guest from a loyalty member portal or brand website to the SynXis Booking Engine (SBE). This allows the guest to switch between applications while retaining a signed-in state.

Alternatively, a guest on SBE can log in using a Customer Relationship Management (CRM) system or Identity Provider (IdP) while staying on SBE providing a seamless experience. 

Note: Synchronization of Guest Profiles is a prerequisite.

• Hospitality Profile and Loyalty Management - Collection of APIs used to synchronize Profiles to the SynXis platform.

SSO Overview

SBE supports SAML and Custom OAuth version of SSO that a hotelier may choose to implement.

SAML

Security Assertion Markup Language 2.0 (SAML 2.0) is a standard for exchanging authentication and authorization information between security domains. It is an XML-based protocol that uses security tokens containing assertions to pass information between an Identity Provider (IdP) and a Service Provider (SP).

Service Provider Initiated Flow

A guest on a SynXis Booking Engine page initiates a login to a hotel or chain’s pre-configured IdP. The guest is redirected to the IdP authentication page and asked to provide their credentials. After successful validation, the guest is redirected back to SBE in a logged-in state.

Identity Provider Initiated Flow

A guest that is already logged in to an IdP can initiate login to SBE from the IdP portal and then navigate to SBE in a logged-in state.

Brand-site Initiated Flow

A logged-in guest on a hotel's brand website may click on an SBE link to make a reservation. The brand website initiates SSO via the IdP, then redirects the guest to SBE in a logged-in state.

Custom OAuth

SBE custom implementation of OAuth

SBE Redirect

A guest in SBE is redirected to a CRM/IdP for authentication then redirected back to SBE in a logged-in state.

SBE API

A guest in SBE enters their credentials which are sent in an API message to the CRM/IdP for authentication. The benefit of this option is that the guest remains in SBE and is not redirected to an external site.

Brand Site

A logged-in guest on a hotel's brand website may click on an SBE link to make a reservation. The brand website initiates SSO, then redirects the guest to SBE in a logged-in state.